DATA PROTECTION OFFICE

If you have concerns, inquiries, complaints, or would like to report a security incident to us, you may download our Contact Form and email us. Or you may use our Data Privacy Contact Form via Google Forms.

Frequently Asked Questions on Data Privacy

1. What is the Data Privacy Act of 2012?2. What is personal data?3. What is personal information?4. What is sensitive personal information?5. What is privileged information?6. Does the difference between personal information and sensitive personal information matter?7. Who are data subjects?8. What is a personal information controller?9. What is a personal information processor?10. What are your rights as a Data Subject of the University?11. Why is there a need to protect your personal data?12. How does the University protect your personal information?13. Is there a government agency to administer and implement the provisions of this Act?

What is the Data Privacy Act of 2012?

Republic Act No. 10173, also known as the Data Privacy Act of 2012, is an act created to protect your personal information in information communications systems in the government and the private sector.

What is personal data?

Personal data is the collective term used to refer to your personal information, sensitive personal information, and privileged information.

What is personal information?

Personal information refers to any information that would reasonably identify you as an individual, or when put together with other information, would directly ascertain or make apparent your identity.

What is sensitive personal information?

Sensitive personal information includes information:
a) About your race, ethnic origin, marital status, age, color, affiliations (i.e., religious, philosophical or political), health, education, genetic or sexual life;
b) Of any proceeding for any offense committed or allegedly committed, the disposal of such proceedings, or the sentence of any court in such proceedings;
c) Issued by government agencies peculiar to you (e.g., social security numbers, health records, licenses or its denials, suspension or revocation, tax returns, etc.); and
d) Specifically established to be kept classified by an executive order or act of Congress.

What is privileged information?

Privileged information refers to all data classified under the Rules of Court and other pertinent laws as “privileged communication”. In particular, they refer to:
a) Any communication shared in confidence between husband and wife;
b) Any communication or advice between an attorney and a client;
c) Any advice or treatment given, or any information acquired by a doctor from a patient;
d) Any confession made by a person to a minister or priest, as well as any advice subsequently given to that person;
e) Communication made to a public officer in official confidence.

Does the difference between personal information and sensitive personal information matter?

YES. The Act treats the processing of both kinds of personal information differently. Personal information may be processed in compliance with the requirements of the Act, while the processing of sensitive personal information are, in general, prohibited and is allowed to be processed only under specific cases provided by the Act.

Who are data subjects?

Data subjects refer to individuals whose personal information is processed. The University’s largest category of data subjects includes its students and employees.

What is a personal information controller?

Personal information controller (PIC) is any person or organization who controls the processing of personal information. This includes person or organization who instructs or outsources another to do the processing on its behalf. This term excludes a person or organization who does the processing as instructed by another person and organization, or in connection with another’s affairs.

What is a personal information processor?

Personal information processor (PIP) is any person or organization whom a PIC may instruct or outsource the processing of personal information.

What are your rights as a Data Subject of the University?

Under the Data Privacy Act of 2012, you are afforded rights regarding the processing your personal data. These include:
• Right to be informed that your personal data will be or is being processed;
• Right to reasonable access to your personal data being processed by the personal data controller or personal data processor;
• Right to dispute the inaccuracy or error in the personal data;
• Right to request the suspension, withdrawal, blocking, removal or destruction of personal data; and
• Right to complain and be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.

Why is there a need to protect your personal data?

In this digital era, your personal information, when left unprotected, may be prone to threats of commercial or fraud-oriented actors primarily interested in money like identity thieves and personal data marketers.

How does the University protect your personal information?

The University strives to ensure that your personal data under our custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. Reasonable and appropriate organizational, physical, and technical security measures are put in place to maintain the availability, integrity, and confidentiality of your personal data.

Is there a government agency to administer and implement the provisions of the Act?

YES. The National Privacy Commission is an independent body created to carry out the provisions of the Act, and to monitor and ensure the country’s compliance with international data protection standards.